Understanding the Internal Audit | What is Internal Audit? | Basics of Internal Auditing in Bangla!
The role of internal audit is to provide independent assurance that an organization's risk management, governance and internal control processes are operating effectively.
What do internal auditors do?
We have a professional duty to provide an unbiased and objective view. We must be independent from the operations we evaluate and report to the highest level in an organization: senior managers and governors. Typically this is the board of directors or the board of trustees, the accounting officer or the audit committee.
To be effective, the internal audit activity must have qualified, skilled and experienced people who can work in accordance with the Code of Ethics and the International Standards.
The nature of internal auditing, its role within the organization and the requirements for professional practice are contained within the International Professional Practices Framework (IPPF).
What is COSO framework?
The COSO (Committee of Sponsoring Organizations) Framework is a framework for designing, implementing and evaluating internal control for organizations, providing enterprise risk management. It was published as the Internal Control Integrated Framework (ICIF) and is widely used in the United States. Executive Vice President and General Counsel James C. Treadway, Jr. led a commission that created this framework in conjunction with five private sector organizations:
American Institute of Certified Public Accountants (AICPA)
National Association of Accountants (now the Institute of Management Accountants (IMA))
American Accounting Association (AAA)
The Institute of Internal Auditors (IIA)
Financial Executives International (FEI)
These organizations are called the Committee of Sponsoring Organizations of the Treadway Commission (COSO). The goal was to create a framework for providing guidance on internal control, allowing organizations to establish controls throughout their environment.
What are the Five Principles of COSO Internal Control?
The five principles of COSO Internal Control are Risk Assessment, Control Activities, Information and Communication, Control Environment and Monitoring Activities.
Risk Assessment:
All organizations face risks: internal or external factors that may keep them from reaching their objectives. Appropriate risk assessment provides reasonable assurance that the organization takes only risks within an acceptable tolerance.
Control Activities:
Control activities are those activities that are taken to help mitigate risk at all levels of the organization. The COSO framework helps to ensure that the activities taken by all members of the organization are those that would help the company achieve its goals without taking unnecessary risks.
Information and Communication:
Every organization has communication occurring daily, both internal and external. The controls provided by COSO help to ensure that the communications that are occurring, internally and externally, are following best practices and working towards accomplishing the organization’s goals. They are also in place to ensure that only appropriate information is shared. Obviously, internal communication would have a different set of rules than external communication.
Control Environment:
Establishing controls across the environment ensures that standard practices are used throughout the organization. It consists of a set of standards, processes and practices. These standards are overseen and enforced by management, creating a top-down approach, so that the practices are enforced throughout the organization. The guidelines for these are provided by the COSO Framework.
Monitoring Activities:
Ongoing monitoring of all internal control systems, by way of internal audits, is required to ensure the controls are working properly for the organization. Information is gathered and evaluated regularly by regulators and select management, and reports are given to management and the board of directors for ongoing evaluation. External financial reporting is also a critical process that helps with fraud deterrence.
20 Sep 2024